SAMBA/LDAP/Group Policy
Doug Douglass
samba at denverdata.com
Fri Jan 11 12:38:39 GMT 2002
> -----Original Message-----
> From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]On
> Behalf Of Gerald (Jerry) Carter
> Sent: Wednesday, January 09, 2002 8:31 PM
> To: Andi
> Cc: samba at lists.samba.org
> Subject: Re: SAMBA/LDAP/Group Policy
>
>
> On Wed, 9 Jan 2002, Andi wrote:
>
> > has anybody successfully used an nt workstation with an samba
> 2.2.2 server
> > (with ldap support) and ntconfig.pol with group policies?
> >
> > I calculated the RID (userid * 2 + 1000). I made a Unix Group "test"
> > that is available for Samba (I tested with a share and write
> list = @test).
> > Then I used an Policy Editor on a NT workstation that has successfully
> > joined the domain. After that I've put the ntconfig.pol in the netlogon
> > directory and logged in as the user. The NT workstation fetched
> the policy
> > file but the desktop or any settings weren't changed.
>
> Please try the latest SAMBA_2_2 cvs code. The LDAP support has been
> fixed some. Other than that, I would make sure things work w/o LDAP.
Assuming:
1. your samba server is the PDC
2. the group name you used for this policy is "test"
I think the reason it does not work is because samba does not add the group
"test" to the list of domain groups, so the workstation has no knowledge of
"test" (note, this is not an LDAP problem, just the way samba does it).
Speaking to samba 2.2.1a + LDAP, but the only groups that samba makes
available within the domain are "Domain Admins" and "Domain Users".
There are new group mapping features being added to samba that should
address this but I believe the feature is still in development. I guess
maybe that's why Jerry is suggesting grabbing the code from cvs ;)
HTH,
Doug
More information about the samba
mailing list